SOLO.ro cli
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s accounting purpose is coherent, but it asks users to install an unreviewed third-party CLI that handles SOLO.ro passwords, cookies, financial data, uploads, and deletions.
Review the upstream solo-cli project before installing, protect the local config and cookie files, and require explicit confirmation before any upload or delete command that changes accounting data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user would need to trust an external executable not reviewed in these artifacts with access to their SOLO.ro account.
The skill directs users to install an external CLI from a third-party Homebrew tap, while the provided artifacts contain no code or install spec to verify what will handle the user’s accounting credentials and data.
If the `solo-cli` command is not available, install via Homebrew: ```bash brew install rursache/tap/solo-cli ```
Only install from a source you trust, review the upstream project or Homebrew formula first, and prefer an official SOLO.ro-supported tool if available.
If the config or cookie files are exposed, another party or process could potentially access sensitive accounting information or account functions.
The skill instructs users to store SOLO.ro login credentials and session cookies locally for a financial account, even though the registry metadata declares no primary credential.
"username": "your_email@solo.ro", "password": "your_password" ... Session cookies are cached to `~/.config/solo-cli/cookies.json`
Protect the config and cookie files with restrictive permissions, use a dedicated account with the least necessary access if possible, and remove cached cookies when no longer needed.
A mistaken upload or deletion could affect accounting workflows or remove a queued document.
The documented commands can upload expense documents and delete queued accounting items. They are purpose-aligned and shown as user-directed commands, but they can still mutate business records.
Upload: `solo-cli upload file.pdf` - Delete: `solo-cli queue delete <ID>`
Confirm the file path and queue ID before running upload or delete commands, and ask the agent to show the exact command before executing mutating actions.